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DETAILED ACTION 



Claims 1-77 have been examined. 

Information Disclosure Statement PTO-1449 

1 . No Information disclosure statement was submitted by the applicant. 



Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

(e) the invention was described in (1) an application for patent, published under section 122(b), 
by another filed in the United States before the invention by the applicant for patent or (2) a 
patent granted on an application for patent by another filed in the United States before the 
invention by the applicant for patent, except that an international application filed under the treaty 
defined in section 351(a) shall have the effects for purposes of this subsection of an application 
filed in the United States only if the international application designated the United States and 
was published under Article 21(2) of such treaty in the English language. 

e 

3. Claims 1 to 4 and 6 to 77 are rejected under 35 U.S.C. 10205) as being 
anticipated by Jooste (U.S. Patent No. 6941470, filed April 7, 2000 and published 
September6 ? 2005). 



3.1 . As per claim 1 , Jooste is directed to a system for protecting a file system of a 
computer (column 6 line 10 to 14), comprising: an interface operable to receive a 
selection of an item of the file system to be included in a safety zone (Fig. 4 method 400 
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as described in column 8 line 13 to 23); a memory in communication with the interface 
and operable to store information relating to the item (Fig. 3 item 317 described in 
column 6 line 13 to 23); and a processor in communication with the memory and 
operable to intercept a system call which potentially could affect the item in the safety 
zone, and to process the system call to avoid permanent modification of the item (Fig. 3 
item 301 as described in column 6 line 23 to 65). Note that Jooste teaches a system or 
method of protection against unauthorized modification of computer resources (files). 
While applications (executable files) are used as an example to describe the invention, 
Jooste clearly indicates that the invention is also applicable to protection of any type of 
file (column 8 line 48 to 51, and column 7 line 15 to 32). 

3.2. As per claim 2, Jooste is directed to the system of claim 1 , wherein the processor 
is operable to examine a composition, information structure, and normal status of the 
file system (column 8 line 22 to 28 and line 61 to 66). 

3.3 As per claim 3, Jooste is directed to the system of claim 1 , wherein the processor 
is operable to cause the computer to only boot from a hard disk drive of the computer. 
Boot source can be configured in Microsoft Widows Operating Systems (column 5 line 
48 to 60). 
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3.4. As per claim 4, Jooste is directed to the system of claim 1 , wherein the safety 
zone comprises at least one of a file system, a drive, a directory, a file, or a registry for 
the computer (Fig. 3 item 317and column 6 line 10 to 23). 

3.5. As per claim 6, Jooste is directed to the system of claim 1 , wherein the processor 
is operable to present a user of the computer with an impression that the system call 
was executed even when the system call actually has not been executed (column 6 
line 30 to 65). 

3.6 As per claim 7, Jooste is directed to the system of claim 1 , wherein the processor 
is operable to make the item transparent to a user of the computer. Microsoft Widows 
Operating Systems allows a user to hide his files from being viewed by other users. 
Windows is one of the Operating Systems suggested by Jooste to build the system 
(column 5 line 48 to 60). Hiding files of a user from being viewed by other users is one 
of the features inherit to Windows. 

3.7. As per claim 8, Jooste is directed to a method of protecting and recovering a file 
system in a computer (column 6 line 10 to 14), comprising the steps of: 
storing file system information obtained from examining an operating system and a file 
system structure in the computer (column 8 line 10 to 27); 
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setting a safety zone based on selection of a target that is to be protected or recovered 
(Fig. 3 and column 6 line 9 to 22), wherein selection is made in response to input by an 
authenticated administrator (column 8 line 12 to 22); 

receiving a system call referencing a file pathname corresponding to the target (Fig. 3 
item 301 and column 6 line 15 to 22); 

analyzing the system call to determine if the system call affects the target (column 6 
line 22 to 25); 

and if said system call may affect the target, performing processing to avoid permanent 
modification of the target (column 6 line 27 to 65). 

3.8. As per claim 9, Jooste is directed to the method of claim 8, wherein performing 
processing comprises creating a copy of the target (column 7 line 32 to 48). 

3.9. As per claim 10, Jooste is directed to the method of claim 8, wherein performing 
processing comprises making the target transparent to a user of the computer. 
Microsoft Widows Operating Systems allows a user to hide his files from being viewed 
by other users. Windows is one of the Operating Systems suggested by Jooste to build 
the system (column 5 line 48 to 60). Hiding files of a user from being viewed by other 
users is one of the features inherit to Windows. 

3.10 As per claim 1 1 , Jooste is directed to the method of claim 8, wherein performing 
processing comprises making the system call void (column 6 line 31 to 35). 
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3.11 As per claim 12, Jooste is directed to the method of claim 8, comprising verifying 
a booting media for the computer to prevent use of abnormal booting media. Boot 
source can be configured in Microsoft Widows Operating Systems (column 5 line 48 to 
60). 

3.12. As per claim 13, Jooste is directed to the method of claim 12, wherein the 
abnormal booting media comprises a floppy disk or a CD-ROM drive (see response to 
claim 12). 

3.13. As per claim 14, Jooste is directed to the of claim 8, further comprising 
examining a composition, information structure, and normal status of the file system 
(column 8 line 10 to 27 and column 8 line 60 to column 9 line 9). 

3.14. As per claim 15, Jooste is directed to the method of claim 8, wherein the stored 
file system information comprises original file system information, and further 
comprising: comparing the original file system information with current file system 
information; and replacing the original file system information with the current file 
system information if the original file system information and the current file system 
information are not identical (column 7 line 33 to 48 and column 12 line 2 to 7). 
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3.15. As per claim 16, Jooste is directed to the method of claim 8, wherein the target 
comprises at least one of a file system, a drive, a directory, a file, or a registry of the 
computer (Fig. 3 item 317and column 6 line 10 to 23). 

3.16. As per claim 17, Jooste is directed to the method of claim 8, wherein the system 
call is for creating a target and wherein performing processing comprises: creating the 
target; and updating current file system information to show that the target has been 
created (column 6 line 50 to 66). 

3.17. As per claim 18, Jooste is directed to the method of claim 8, wherein the system 
call is for deleting a target and wherein performing processing comprises: when the 
target has not already been deleted, copying the target for recovery; and updating 
current file system information to show that the target has been deleted. As indicated in 
column 6 line 22 to 67, all unauthorized I/O requests are redirected to alternate 
environment, and won't affect the protected environment. In case of an unauthorized 
I/O request, the response will be based on the state of the alternate environment. 
Therefore, in response to an unauthorized delete request, the response will be from the 
alternate environment, which will confirm the deletion, and the protected environment 
will save a copy for later recovery (see also column 12 line 2 to 7). 
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3.18 As per claim 19, Jooste is directed to the method of claim 18, further comprising: 
when the target has already been deleted, voiding the system call (see response to 
claim 18). 



3.19. As per claim 20, Jooste is directed to the method of claim 8, wherein the system 
call is for renaming a target and wherein performing processing comprises: when the 
target has not already been renamed, copying the target for recovery; and updating 
current file system information to show that the target has been renamed (see 
response to claim 18). 

2.20. As per claim 21 , Jooste is directed to the method of claim 20, wherein the system 
call is for renaming a target and wherein performing processing comprises: when the 
target has already been renamed, voiding the system call (see the response t claim 
18). 



3.21 . As per claim 22, Jooste is directed to the method of claim 8, wherein the system 
call comprises searching for a target and further comprising: searching for the target 
using the current file system information (similar to the response to claim 10, search is 
a function performed by Windows operating system. When a system call from and 
unauthorized user is received, the alternate environment (current file system) will be 
searched). 
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3.22. As per claim 23, Jooste is directed to the method of claim 22, further comprises: 
searching for the target if the target is marked with renew, rename, or delete. As 
indicated in column 9 line 10 to 65, the protected execution agent keeps track of all 
subsequent unauthorized I/O calls and redirects the calls to the alternate environment. 
Therefore, Jooste discloses marked targets. The result of a search for marked targets 
will be based on the alternate environment. Therefore, if the target is deleted, renamed, 
or renewed in the alternate environment, the result of search will be returned according 
to alternate environment. On the other hand, in case of recovery (which must be 
performed by an authorized user), the result of a search query will be based on the 
state of the protected environment, and will show the original files without modifications 
made by the unauthorized user. 

3.23. As per claim 24, Jooste is directed to the method of claim 8, further comprising: 
recovering the target (column 7 line 32 to 48 and column 12 line 2 to 7). 

3.24. As per claim 25, Jooste is directed to the method of claim 24, wherein the target 
is recovered by comparing the stored file system information to current file system 
information. Jooste discloses the stored file system by the protected environment and 
current file system by alternate environment. All recovery methods using a copy of the 
original data is disclosed. 
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3.25. As per claim 26, Jooste is directed to the method of claim 24, wherein the target 
is recovered by renaming a stored copy of the target (see response to claim 25). 

3.26. As per claim 27, Jooste is directed to the method of claim 8, wherein performing 
processing comprises preventing access to the target (As indicated in column 6 line 30 
to 65, unauthorized applications cannot affect the protected environment). 

3.27. As per claim 28, Jooste is directed to the method of claim 8, wherein the system 
call is for an interrupt and wherein processing further comprises: voiding the system 
call if processing the interrupt would affect partition information of the file system (if the 
interrupt call is from an unauthorized user, the call will be voided with no change to 
protected environment (column 6 line 30 to 35). 

3.28. Claim 29 is substantially the same as claim 8. See response to claim 8. 

3.29. As per claim 30, Jooste is directed to the method of claim 29, further comprising 
updating file system information on a data storage device coupled to the computer with 
file system information from a disk drive coupled to the computer (Fig. 2 column 5 line 

1 to 30 and claims 21 and 22). 

3.30. Claims 31 to 54 are substantially the same as claims 8 to 28 above. 



Application/Control Number: 10/028,046 
Art Unit: 2132 



Page 1 1 



3.31. Claim 55 is substantially the same as claim 8. See response to claim 8. 

3.32. As per claim 56, Jooste is directed to the method of claim 55, further comprising: 
authenticating the administrator. Microsoft Widows Operating Systems comes with a 
function to authenticate users, and particularly a system administrator (column 5 line 
48 to 60). 

3.33. As per claim 57, Jooste is directed to the method of claim 56, further 
comprising: receiving authorization information from the administrator; and comparing 
the received authorization information to stored authorization information to determine 
whether to authenticate the administrator (see claim 56 above). 

3.33. As per claim 58, Jooste is directed to the method of claim 55, wherein the item is 
a first item, further comprising: receiving a selection of a second item to be included in 
an open zone from an administrator. Jooste's method allows configuration of protected 
environment to include any area in the file system. Therefore, it discloses the open 
zone within the safety zone. 

3.34. As per claim 59, Jooste is directed to the method of claim 58, wherein the second 
item may be permanently modified (items in the open area are configured such that no 
authorization for modification will be required). 
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3.25. As per claim 60, Jooste is directed to the method of claim 58, wherein the item is 
a first item, further comprising: receiving a selection of a second item to be protected 
from an administrator (following the response to claim 58 above, configure the open 
area such that the modification by the administrator is unauthorized). 

3.26. As per claim 61 , Jooste is directed to the method of claim 60, further comprising: 
restricting user access to the second item (see response to claim 58 above). 

3.27. As per claim 62, Jooste is directed to the method of claim 55, wherein the item is 
stored as an original item, and wherein performing processing comprises: creating a 
copy of the original item; storing the copy for recovery; and allowing a user to access 
the original item (column 12 line 2 to 7). 

3.28. As per claim 63, Jooste is directed to the method of claim 55, wherein performing 
processing comprises making the item transparent to a user of the computer (see 
response to claim 35). 

3.29. As per claim 64, Jooste is directed to the method of claim 55, wherein performing 
processing comprises making the system call void (see response to claim 11). 

3.30. As per claim 65, Jooste is directed to a computer-readable storage medium 
storing a computer program executable by one or more computers, the computer 
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program comprising computer instructions for: receiving a selection of an item to be 
included in a safety zone; intercepting a system call which potentially could affect the 
item in the safety zone; and performing processing responsive to the system call so 
that the item is not permanently modified (see response to claim 8). 

3.31. As per claim 66, Jooste is directed to the computer-readable storage medium 
method of claim 65, wherein performing processing further comprises instructions for 
voiding the system call (see response to claim 11). 

3.32. As per claim 67, Jooste is directed to the computer-readable storage medium 
method of claim 66, wherein performing processing further comprises providing 
instructions for providing a user of the computer with an impression that the system call 
was executed (see the response to claim 6). 

3.33. As per claim 68, Jooste is directed to the computer-readable storage medium 
method of claim 65, wherein performing processing further comprises instructions for: 
determining that the system call is a find file request; and if execution of the find file 
request would access an item in a safety zone, performing the find file request without 
accessing the file system (as described in column 6 line 30 to 65, any unauthorized 
access operation to a file in the protected environment (safety zone) will be performed 
without accessing to the safety zone). 
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3.34. As per claim 69, Jooste is directed to the computer-readable storage medium 
method of claim 65, further comprising instructions for verifying a booting media for the 
computer to prevent use of abnormal booting media (see response to claim 12). 

3.35. As per claim 70, Jooste is directed to the computer-readable storage medium 
method of claim 65, further comprising instructions for: storing original file system 
information; at a later time, comparing the stored original file system information with 
current file system information; and replacing the original file system information with 
the current file system information if the original file system information and the current 
file system information are not identical (see response to claim 39). 

3.36. As per claim 71 , Jooste is directed to the computer-readable storage medium 
method of claim 65, wherein the system call is for creating an item and wherein 
performing processing further comprises instructions for: creating the item; and 
updating current file system information to show that the item has been created (see 
the response to claim 17). 

3.37. As per claim 72, Jooste is directed to the computer-readable storage medium 
method of claim 65, wherein the system call is for deleting an item and wherein 
performing processing further comprises instructions for: when the item has not already 
been deleted, copying the item for recovery; and updating current file system 
information to show that the item has been deleted (see the response to claim 18). 
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3.38. As per claim 73, Jooste is directed to the computer-readable storage medium 
method of claim 65, wherein the system call is for renaming an item and wherein 
performing processing further comprises instructions for: when the item has not already 
been renamed, copying the item for recovery; and updating current file system 
information to show that the item has been renamed (see the response to claim 20). 

3.39. As per claim 74, Jooste is directed to the computer-readable storage medium 
method of claim 65, further comprising instructions for recovering items in the safety 
zone (see claim 20). 

3.40. As per claim 75, Jooste is directed to the computer-readable storage medium 
method of claim 74, wherein the item is recovered by renaming a stored copy of the 
item (see response to claim 25). 

3.41. As per claim 76, Jooste is directed to the computer-readable storage medium 
method of claim 65, wherein performing processing further comprises instructions for 
preventing access to the item (see response to claim 27). 

3.42. As per claim 77, Jooste is directed to the computer-readable storage medium 
method of claim 65, wherein the system call is for an interrupt and wherein processing 
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further comprises instructions for: voiding the system call if processing the interrupt 
would affect partition information of the file system (see the response to claim 28). 



Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.SC 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

5. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Jooste as 
applied to claim 1 above, and further in view of Bowlin (U.S. Patent Application 
Publication No. 2002/0099944 A1, published July 25, 2002). 

5.1 As per claim 5, Jooste is directed to the system of claim 1 . Jooste specifies an 
interface to configure the safety zone, but it does not include the specific operation of 
presenting information about the safety zone. Bowlin teaches the use of a graphical 
user interface to indicate the files selected for protection in the safety zone (Fig. 6). 



Jooste and Bowlin are analogous art because they both specify a method to protect 
computer files from unauthorized modification. 
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At the time of invention, it would have been obvious to a skilled person in the art to 
incorporate the interface as disclosed by Bowlin in the system of Jooste, to show the 
list of files in the safety zone. 

The motivation to do so would have been to allow the system administrators to see the 
files included in safety zone and make proper adjustments if necessary. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is 571 
272 3739. The examiner can normally be reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
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have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 



Farid Homayounmehr 

Examiner 

Art Unit: 2132 



GILBERTO BARRON JA- 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 
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